CCS-AD researchers perform multi-disciplinary research in security and privacy across a broad range of areas. Some examples of ongoing research include:
System and Network Security
Monitoring and analysis of network events has become both increasingly critical and increasingly complex. This is primarily due to the rapidly evolving and highly adaptive nature of network attacks and the volume of data that today's high-speed networks are capable of carrying. Gathering information and evidence from network traffic data to investigate attacks and incidents requires effective techniques for capturing, storing, analyzing and managing network data.

Our research in this area addresses numerous challenges surrounding network data, including new ways of representing network data more succinctly and of organizing network-based evidence in storage for more efficient analysis. To address the inherent difficulty of devising reliable attack signatures, we investigate new methods for network-based behavioral analysis and novel approaches to mining network data.
Digital forensics has emerged to assist law enforcement in the investigation of crimes involving digital technology. However, the growth in the amount of data subject to forensic analysis in a typical investigation, together with the proliferation of cloud services, is likely to render most of today's widely deployed digital forensics tools ineffective. Our research is focused on developing efficient and novel evidence extraction, search, attribution and analysis techniques that can be used by practitioners in the field.
Trusted Hardware Design
The hardware trust research addresses the problem of securing the hardware root of trust against hardware trojans, piracy, and backdoors using logic encryption that leverages fault analysis principles from VLSI testing.
Smart Grid Security
Grid security is a system-level problem: security must be part of the design, part of each element, and part of how those elements communicate. Today, those system elements have no high assurance that the devices and users they communicate with are what they claim to be, that the messages they receive are complete and unaltered, or that the software they run is unaltered and verified. Our goal is to develop a new component for each element that will be the key enabler for system-level security well beyond what is attainable now. To perform all security-critical functions with high assurance, we develop interoperable Trusted Platform Modules (TPMs).

Our research focuses on the technical capabilities and design of the TPM, on standards to ensure TPM and control element interoperability across regions, and on policies and standards to promote the deployment of interoperable TPMs across the grid.
Economics of Information Security in Critical Infrastructure
Information security is not only in the interest of firms and users, but also of society in general. One research area that combines business, public policy, and technology issues is the sharing of security-related information among firms and organizations as a tool to improve the defense of enterprises. One key focus of this project is the information security of ports, with the aim of reducing the risk to ports from unlawful acts such as terrorism and the smuggling of contraband goods. To address this problem, our research builds a game-theoretic framework in which the multiple entities involved in the security and operations of ports take part in a multi-stage non-cooperative game.
Cyber-Infrastructure Connections and Security
Vital transportation, energy, communication, water and environmental infrastructure services are particularly vulnerable to cyber attacks. This threat is underscored by the increasing use of IT and the Internet in infrastructure control systems, which also include insecure legacy sub-systems. New innovations such as the smart grid, which make the use of renewable resources possible, increase the need to integrate corporate IT and the Internet with infrastructure control. Our research aims to identify the critical connections between cyber systems and vital infrastructure systems worldwide that are most likely to threaten social and economic security. The research is based on two thrusts: understanding the infrastructure, its interconnections, and its interfaces with cyber control; and understanding the potential vulnerabilities in that control and the impacts of successful attacks on the infrastructure.